[whatwg] Sandboxing ideas
alexey at feldgendler.ru
Mon May 14 14:11:20 PDT 2007
On Mon, 14 May 2007 22:29:57 +0200, Michel Fortin
<michel.fortin at michelf.com> wrote:
> I was pointing out a solution for the problem of separate HTTP requests
> on a forum page. Used in conjunction with some previously-suggested
> security attributes on <iframe>, it could do a pretty good sandbox for
> use comments on a page.
> If you want the sandbox to degrade securely in older browsers, then this
> is not a solution.
Yes, I want the sandbox to degrade securely, as does any webmaster who
might be going to allow some user-supplied scripting while relying on
sandboxing for security. To cover its use cases, this feature must degrade
> But I don't think there's a nice solution to that anyway.
This does degrade securely, doesn't require separate HTTP requests, and
maintains human readability.
However, I admin that it's not quite “nice” (as in “æsthetics”).
Alexey Feldgendler <alexey at feldgendler.ru>
[ICQ: 115226275] http://feldgendler.livejournal.com
More information about the whatwg